Symantec Access Management


smsession cookie of one environment is overriding the cookie of another environment

  • 1.  smsession cookie of one environment is overriding the cookie of another environment

    Posted 02-27-2018 01:45 PM

    We have 3 different environments: Dev, Test and Production.

    For some reason, the Client wants to access them in the same browser.

    If the Client has accessed the Test environment and then logs in to the Production environment, the Production smsession cookie overrides the existing cookie for Test; however, it's always the Production cookie which overrides the Test smsession cookie, never vice versa.

    Similarly, the Dev smsession cookie overrides the Production smsession cookie but never vice versa.

    I understand one way to address it would be renaming the cookies using SSOZones; however, that would be a cumbersome process for the whole environment.

     

    Any Suggestions? #siteminderr12.52 #siteminder #single-sign-on #smsession



  • 2.  Re: smsession cookie of one environment is overriding the cookie of another environment

    Posted 02-28-2018 06:13 AM

    I am assuming the cookie domain is the same for all three environments here.

    If so, the only option is using security zones.



  • 3.  Re: smsession cookie of one environment is overriding the cookie of another environment

    Posted 02-28-2018 06:17 AM

    No, the cookie domain is different for all 3.



  • 4.  Re: smsession cookie of one environment is overriding the cookie of another environment

    Posted 02-28-2018 06:19 AM

    What are they like?




  • 5.  Re: smsession cookie of one environment is overriding the cookie of another environment

    Posted 02-28-2018 06:25 AM

    They are like: .test.x.com and x.com. Will they be treated as the same?



  • 6.  Re: smsession cookie of one environment is overriding the cookie of another environment

    Posted 02-28-2018 06:28 AM

    It may. It depends on the configuration of the CookieDomain and CookieDomainScope ACO params in each of the environments.


    Note, a cookie created for .x.com is also submitted for domain “.test.x.com” by the browser.
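
The browser behaviour noted in post 6, as an added example that is not part of the original thread and not CA/Broadcom code: a simplified model of RFC 6265 cookie storage and domain matching, showing that SMSESSION cookies scoped to .test.x.com and .x.com are stored as separate entries, and that a Test host is sent both while a Production host is sent only the .x.com one. The host names `app.test.x.com` and `app.x.com` and the token values are constructed; path matching, expiry and the Secure flag are left out.

```javascript
// Added example: minimal model of RFC 6265 cookie storage and domain matching.
// Host names and token values below are constructed for illustration.

// RFC 6265 section 5.1.3: a host matches a cookie domain if it is identical
// to it or ends with "." + domain. A leading dot on the attribute is ignored.
function domainMatch(host, cookieDomain) {
  const d = cookieDomain.replace(/^\./, "").toLowerCase();
  const h = host.toLowerCase();
  return h === d || h.endsWith("." + d);
}

class CookieJar {
  constructor() { this.cookies = []; }

  // A stored cookie is identified by (name, domain, path). Only an exact
  // match on all three replaces an existing entry; otherwise it is added.
  set(name, value, domain, path = "/") {
    const d = domain.replace(/^\./, "").toLowerCase();
    const i = this.cookies.findIndex(
      c => c.name === name && c.domain === d && c.path === path);
    const cookie = { name, value, domain: d, path };
    if (i >= 0) this.cookies[i] = cookie; else this.cookies.push(cookie);
  }

  // Cookie header for a request host: every stored cookie whose domain
  // matches, in creation order (all paths are "/" in this model).
  header(host) {
    return this.cookies
      .filter(c => domainMatch(host, c.domain))
      .map(c => `${c.name}=${c.value}`)
      .join("; ");
  }
}

function demo() {
  const jar = new CookieJar();
  jar.set("SMSESSION", "TEST-TOKEN", ".test.x.com"); // issued in Test
  jar.set("SMSESSION", "PROD-TOKEN", ".x.com");      // issued in Production
  return {
    stored: jar.cookies.length,             // two separate jar entries
    testHost: jar.header("app.test.x.com"), // receives both SMSESSION cookies
    prodHost: jar.header("app.x.com"),      // receives only the .x.com cookie
  };
}

console.log(demo());
```

Which of two same-named cookies the receiving agent honours is not modelled here; the example only shows what the browser stores and sends.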



  • 7.  Re: smsession cookie of one environment is overriding the cookie of another environment

    Broadcom Employee
    Posted 02-28-2018 07:22 AM

    Can the customer use incognito or private browsing to get round this?



  • 8.  Re: smsession cookie of one environment is overriding the cookie of another environment

    Posted 02-28-2018 01:01 PM

    Unfortunately NO.



  • 9.  Re: smsession cookie of one environment is overriding the cookie of another environment

    Broadcom Employee
    Posted 03-01-2018 07:13 AM

    Hi Satyendra,

     

    I would then say that only creating SSO Security Zones would help, especially for the environments sharing the .x.com domain. You already contemplated this option, but it was added for this purpose.

     

    Security Zones for Single Sign-on - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation 



  • 10.  Re: smsession cookie of one environment is overriding the cookie of another environment

    Posted 03-01-2018 07:31 AM

    Hello Albert,

    Though they are sharing .x.com, they are not exactly identical, as one is .test.x.com (cookie domain scope = 3) whereas the other one is .x.com. Hence, in my opinion, they should be uniquely identifiable, as the cookie domain scope in the case of .test.x.com is 3.

    Let me know what you think.



  • 11.  Re: smsession cookie of one environment is overriding the cookie of another environment

    Broadcom Employee
    Posted 03-01-2018 08:30 AM

    But you have 2 environments that will share the domain, right? I mean:

     

    You mentioned there are 3 different environments: Dev, Test and Prod. One uses .test.x.com (with a specific cookie domain scope set), and I understand Dev & Prod both use .x.com, right?